Wallets and Self-Custody
What is Self-Custody
Self-custody means storing your cryptocurrency yourself without entrusting it to a third party. When you keep coins on an exchange, the exchange holds custody, but when you withdraw to a personal wallet, you're taking custody yourself.
Self-custody is essential for using DeFi. DeFi protocols interact directly with personal wallets and cannot be accessed through exchange accounts.
"Not your keys, not your coins." If you don't hold the private keys, those coins aren't truly yours. The FTX bankruptcy made many people painfully understand the meaning of this saying.
Types of Wallets
Hot Wallets
Wallets connected to the internet. Convenient but relatively vulnerable to hacking.
Browser Extension Wallets:
- MetaMask: Most popular. Supports Ethereum and EVM chains
- Rabby: Multi-chain support, enhanced security with simulation features
- Phantom: Representative wallet for Solana ecosystem
- Keplr: Cosmos ecosystem wallet
Mobile Wallets:
- MetaMask Mobile: Mobile DeFi access
- Trust Wallet: Binance supported, multi-chain
- Rainbow: Ethereum, clean UI
Cold Wallets
Wallets not connected to the internet. Inconvenient but most secure.
Hardware Wallets:
- Ledger: Most popular. Nano S Plus, Nano X, Stax, etc.
- Trezor: Open source. Model One, Model T, Safe 3
- GridPlus Lattice1: For advanced users. Large screen
Paper Wallets:
- Print private key on paper for storage
- Risk of physical damage, loss
- Rarely used nowadays
Wallet Type Comparison
| Type | Convenience | Security | Best For |
|---|---|---|---|
| Browser Wallet | High | Medium | Daily DeFi use |
| Mobile Wallet | High | Medium | Small amounts, mobile use |
| Hardware Wallet | Low | High | Large amounts, long-term storage |
Private Keys and Seed Phrases
Private Key
A private key is like the password that controls your wallet. It's represented as a 64-character hexadecimal string.
Example: 0x4c0883a69102937d6231471b5dbb6204fe5129617082792ae468d01a3f362318
Anyone with the private key can control all assets in that wallet. It must never be exposed.
Seed Phrase (Recovery Phrase)
A seed phrase is the private key expressed in human-readable form. It usually consists of 12 or 24 English words.
Example: apple banana cherry dog elephant frog guitar house igloo jungle kite lemon
Multiple private keys and addresses can be derived from one seed phrase. One seed phrase = all accounts in one wallet.
Seed Phrase Management Principles
Never Do:
- Do not store digitally (photos, cloud, note apps)
- Do not share with anyone (beware of customer support impersonators)
- Do not enter on websites (phishing sites)
- Do not transmit online (email, messengers)
Always Do:
- Write it down by hand on paper
- Store in at least 2 separate locations (for fire, flood protection)
- Consider waterproof/fireproof metal backup (Cryptosteel, etc.)
- Let a trusted person know the storage location (for emergencies)
Setting Up MetaMask
Installation
- Install browser extension from metamask.io
- Select "Create a new wallet"
- Set password (this password is only for this device)
- Back up the seed phrase - Record it on paper, exactly in order
- Pass seed phrase verification quiz
Adding Networks
MetaMask only has Ethereum Mainnet configured by default. You need to add other networks to use them.
Major Networks:
- Ethereum Mainnet (default)
- Arbitrum One (L2, low gas fees)
- Optimism (L2)
- Polygon (sidechain, very low gas fees)
- BNB Smart Chain (Binance chain)
- Avalanche C-Chain
- Base (Coinbase L2)
You can add networks with one click at Chainlist.org.
Account Management
You can create multiple accounts (addresses) from one seed phrase. Separating by purpose helps with risk management.
- Account 1: Main DeFi activity
- Account 2: NFT minting (for risky mints)
- Account 3: Airdrop hunting
Hardware Wallets
Why Hardware Wallets
Hardware wallets store private keys on an offline device. The device only activates when signing transactions, and the private key is never exposed to the internet.
Even if your computer is hacked, assets cannot be stolen without the hardware wallet. Even if the device is physically stolen, access is impossible without the PIN.
Hardware Wallet + MetaMask
Connecting a hardware wallet to MetaMask lets you use MetaMask's interface while enjoying hardware wallet security.
- Connect Ledger/Trezor to MetaMask
- Hardware wallet address appears in MetaMask
- Transactions require physical approval on hardware device
- Private key only exists inside hardware device
Recommended Amount Thresholds
| Holdings | Recommended Storage Method |
|---|---|
| Under $1,000 | Hot wallet (MetaMask, etc.) |
| $1,000 to $10,000 | Consider hardware wallet |
| Over $10,000 | Hardware wallet essential |
| Over $100,000 | Hardware wallet + consider multisig |
Security Best Practices
Phishing Prevention
Common Phishing Types:
- Fake MetaMask popups (requesting seed phrase)
- Lookalike domains that imitate official sites (e.g. uniswap.com vs. uniswap.com spelled with a Cyrillic 'a')
- "Customer support" via Discord/Telegram DMs
- Fake airdrop claim sites
Prevention Methods:
- Bookmark important sites and only access via bookmarks
- Always verify URL (HTTPS, correct domain)
- Never click links from DMs
- "Enter seed phrase" requests are 100% scams
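The URL checks above can be automated before a link is opened. The following Python code is an added example, not part of the original article: it flags non-HTTPS links, hosts that are not bookmarked, and host labels that mix scripts such as Latin and Cyrillic. `BOOKMARKED_HOSTS`, `check_url` and the sample URLs are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist standing in for the user's bookmarks (assumption);
# the hosts are ones this page names.
BOOKMARKED_HOSTS = {"metamask.io", "revoke.cash", "chainlist.org"}

def scripts_in(label):
    """Approximate the Unicode scripts used by the letters of one DNS label."""
    scripts = set()
    for ch in label:
        if ch.isascii():
            if ch.isalpha():
                scripts.add("LATIN")
        else:
            # "CYRILLIC SMALL LETTER A" -> "CYRILLIC"
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts

def check_url(url):
    """Return a set of warnings; an empty set means HTTPS and a bookmarked host."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = set()
    if parts.scheme != "https":
        findings.add("not-https")
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):  # IDN label in its ASCII (punycode) form
            findings.add("punycode-label")
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                findings.add("bad-punycode")
        labels.append(label)
    if any(not ch.isascii() for ch in "".join(labels)):
        findings.add("non-ascii-host")
    if any(len(scripts_in(label)) > 1 for label in labels):
        findings.add("mixed-script-label")
    if host not in BOOKMARKED_HOSTS:
        findings.add("not-bookmarked")
    return findings

# Constructed samples: LOOKALIKE swaps the first Latin "a" for Cyrillic U+0430.
LOOKALIKE = "https://met\u0430mask.io/"
if __name__ == "__main__":
    for sample in ("https://metamask.io/", LOOKALIKE, "http://revoke.cash/"):
        shown = sample.encode("ascii", "backslashreplace").decode()
        print(shown, sorted(check_url(sample)))
```

A label written entirely in one non-Latin script is not mixed-script, so the bookmark comparison remains the deciding check.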
Approval Management
When using DeFi, you grant protocols permission to spend your tokens (an "Approve" transaction). If this approval is unlimited and the approved contract is hacked, you could lose all of the approved tokens.
Approval Management Methods:
- Check and revoke existing approvals at Revoke.cash
- When possible, only approve needed amounts (avoid unlimited approvals)
- Periodically clean up approvals from old protocols
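What an unlimited approval looks like in the transaction data a wallet asks you to sign, as an added example that is not part of the original article. It assumes the token follows the ERC-20 `approve(address,uint256)` interface (selector `0x095ea7b3`); the spender address, the amounts and the function names are constructed for illustration.

```python
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # ERC-20 approve(address,uint256)
MAX_UINT256 = 2**256 - 1                      # value commonly used for "unlimited"

def build_approve(spender, amount):
    """Build approve() calldata; used here only to construct sample input."""
    spender_word = bytes.fromhex(spender[2:]).rjust(32, b"\x00")
    return "0x" + (APPROVE_SELECTOR + spender_word + amount.to_bytes(32, "big")).hex()

def review_approval(calldata_hex, needed):
    """Classify an approve() call against the amount the user actually needs.

    Returns None when the calldata is not an approve() call.
    """
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    if data[:4] != APPROVE_SELECTOR:
        return None
    if len(data) != 4 + 32 + 32:
        raise ValueError("approve() calldata must be 68 bytes")
    spender_word, amount_word = data[4:36], data[36:68]
    if any(spender_word[:12]):
        raise ValueError("address argument has non-zero padding")
    amount = int.from_bytes(amount_word, "big")
    if amount == 0:
        kind = "revoke"      # allowance set to zero
    elif amount == MAX_UINT256:
        kind = "unlimited"   # spender may move any balance, now or later
    elif amount > needed:
        kind = "excess"      # more than this interaction requires
    else:
        kind = "limited"
    return {"spender": "0x" + spender_word[12:].hex(), "amount": amount, "kind": kind}

# Constructed sample: placeholder spender address, amounts in 18-decimal units.
SPENDER = "0x" + "11" * 20
if __name__ == "__main__":
    for amount in (MAX_UINT256, 5 * 10**18, 10**18, 0):
        print(review_approval(build_approve(SPENDER, amount), needed=10**18))
```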
Distributed Storage
Don't store all assets in one wallet.
- Hot wallet: Only daily use amounts
- Hardware wallet: Long-term storage assets
- Separate wallet: For risky activities (new mints, unverified protocols)
Diversify so that if one wallet is compromised, you don't lose everything.
Wallet Recovery
Recovery with Seed Phrase
When you lose or replace a device, you can fully recover your wallet with just the seed phrase.
- Install MetaMask on new device
- Select "Import existing wallet"
- Enter 12/24 word seed phrase
- Set new password
- Recovery complete - all accounts and assets restored
Unrecoverable Cases
- Seed phrase lost and device access lost - Permanent loss
- Wrong word order in seed phrase - Cannot recover
- Only partial seed phrase - Cannot recover (even 23 out of 24 won't work)
The seed phrase IS the assets themselves. Without backup, recovery is impossible through any technical means.
Advanced: Multisig
Concept
Multisig is a wallet that requires multiple private keys to sign together for a transaction to execute. For example, "2 of 3 keys required" means 2 out of 3 signers must agree to move funds.
Advantages
- Assets safe even if one private key is leaked
- Suitable for team/organization fund management
- Recovery possible even if key person dies/becomes incapacitated
Representative Services
- Safe (formerly Gnosis Safe): Most popular multisig wallet
- Supports Ethereum, Arbitrum, Polygon, and other chains
Summary
A self-custody wallet is essential for DeFi use, and the core of any wallet is its private key and seed phrase. Write your seed phrase on paper and store it safely - never store it digitally or share it with anyone. Store large amounts in hardware wallets, and maintain daily security through phishing prevention and approval management. Wallet security is the foundation of all DeFi activities.